Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Digital Vaccine #9479

    • Updated:
    • 2 Dec 2020
    • Product/Version:
    • TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9479      December 1, 2020
Details
Public
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above,  all NGFW, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9479.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9479.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 5
 Modified Filters (logic changes) - 5
 Modified Filters (metadata changes only) - 3
 Removed Filters - 0

Filters
----------------
  New Filters: 

    38499: HTTP: Jenkins Pipeline Groovy Plugin Sandbox Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a sandbox bypass vulnerability in Jenkins Pipeline Groovy Plugin.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-1003030
      - Classification: Vulnerability - Access Validation
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: December 01, 2020

    38510: HTTP: PHP-Fusion Downloads.php Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in PHP-Fusion.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-24949
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: December 01, 2020

    38511: HTTP: Nagios XI SNMP Trap SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Nagios XI.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: December 01, 2020

    38513: HTTP: Apache OpenMeetings NetTest Web Service Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an attempt to use the NetTest service of Apache OpenMeetings.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-13951
      - Classification: Security Policy - Forbidden Application Access or Service Request
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: December 01, 2020

    38515: HTTP: Nagios XI Graph Explorer visFunctions.inc.php Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a stored cross-site scripting vulnerability in Nagios XI.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-15902
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: December 01, 2020

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    35671: TCP: Oracle WebLogic Server IIOP Deserialization of Untrusted Data Vulnerability (ZDI-20-1274)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "35671: ZDI-CAN-10818: Zero Day Initiative Vulnerability (Oracle WebLogic Server)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 16, 2020
      - Last Modified Date: December 01, 2020

    37869: HTTP: Advantech R-SeeNet device_position device_id SQL Injection Vulnerability (ZDI-20-1262)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37869: ZDI-CAN-11373: Zero Day Initiative Vulnerability (Advantech R-SeeNet)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: July 21, 2020
      - Last Modified Date: December 01, 2020

    37890: HTTP: WECON LeviStudioU HFT File Parsing Buffer Overflow Vulnerability (ZDI-20-1351)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37890: ZDI-CAN-11097: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: July 28, 2020
      - Last Modified Date: December 01, 2020

    37891: HTTP: WECON LeviStudioU HFT File Parsing Buffer Overflow Vulnerability (ZDI-20-1352)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37891: ZDI-CAN-11098: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: July 28, 2020
      - Last Modified Date: December 01, 2020

    37892: HTTP: WECON LeviStudioU HSC File Parsing CharSize Attribute Buffer Overflow (ZDI-20-1353)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37892: ZDI-CAN-11100: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: July 28, 2020
      - Last Modified Date: December 01, 2020

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    34780: TCP: Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Vulnerability(ZDI-20-1273)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.
      - Release Date: June 16, 2020
      - Last Modified Date: December 01, 2020

    38010: TCP: Oracle WebLogic Server IIOP Deserialization of Untrusted Data Vulnerability (ZDI-20-1276)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38010: ZDI-CAN-11453: Zero Day Initiative Vulnerability (Oracle WebLogic Server)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: August 18, 2020
      - Last Modified Date: December 01, 2020

    38063: TCP: Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Vulnerability(ZDI-20-1277)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Vulnerability references updated.
      - Release Date: September 01, 2020
      - Last Modified Date: December 01, 2020

  Removed Filters: None
      
Top of the Page
Premium
Internal
Partner
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000283029
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.